Sonic Breach Linked to Joker’s Stash of 5 Million Stolen Credit Cards, Apple iOS Location Loophole & MIT’s CodeCarbonCopy

 

Sonic Breach Linked to 5 Million Credit Cards on Joker’s Stash¬†– The fast-food chain with nearly 3,600 locations throughout the US has acknowledged that it has suffered a major cyber breach in its store payment systems. It also seems that the mysterious and unprecedented upload of 5 million credit cards on Joker’s Stash recently all had been used at Sonic previously. The cards are part of a batch called “Firetigerrr” and are all organised by city, state and zip code, which allows buyers to purchase cards from people nearby them, thus thwarting out-of-state anti-fraud defenses. The cards range from $25-$50 and include nearly all variations (Amex, Visa, Mastercard), levels (classic, standard and platinum) and debit and credit. The investigation is still in the early stages, so it will have to been seen on whether all or the majority of the stolen cards are from Sonic or whether there are other companies affected. We will have to wait and see.

iOS Apps Extract Data Location – A loophole that allows rogue iOS apps to gain access to geo-location data and GPS information by obtaining image permissions from photographs on devices has been raised by Fastlane Tools. The issue it seems comes from permissions being bundled together under the same dominant umbrella permission. Allowing an app to have access to your photos for file upload can also provide it access to extract the metadata from the photographs. This data may seem inconsequential at first but this data when combined and analysed can create a picture of a person’s daily, weekly, monthly routine, including their workplace, home location and other regular timings. As always, be careful what you download, conduct your research and be careful what permissions you grant.

Port Code Automation¬†– Scientists at MIT have developed a new tool called ‘CodeCarbonCopy’ that can automatically port code from one project to another, mapping the differences and adapting the imported code to fit the new codebase. Two key features allow the tool to do this. First, it has the ability to detect and map variables from one codebase to another and secondly, it can map out how the two programmes represent data internally and adjust the ported code. Still not publicly available, it has however been tested privately with a near perfect success rate. If this development proves fruitful and reliable, it could be the holy grail of software engineering, automatic code reuse. No set date for the release of the tool has been announced.